Cisco Patches IPv6 Vulnerability in Carrier Routers

Description

Cisco said on Thursday it has patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.

The vulnerability, Cisco said, rests in the IPv6 processing code used by IOS XR in the Cisco CRS-3 Carrier Routing System. The bug is remotely exploitable and is due to incorrect processing of legitimate IPv6 packets carrying valid IPv6 extension headers. Cisco said while the headers are valid, they’re unlikely to be seen in “normal operation.”

“An attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic,” Cisco said in its advisory. “An exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition.”

Cisco said that a software update is available, and added there are no workarounds. The advisory adds that the vulnerability was found internally and Cisco is not aware of public exploits.

Cisco said the carriers and other customers already running Cisco IOS XR releases 4.2.1 and later are unaffected since the software already contains the fix.

Cisco urges affected customers to patch immediately since the vulnerability can be repeatedly attacked and cause extended downtime on the device. The bug, Cisco said, can be triggered by IPv6 transit traffic, or traffic sent to the device.

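Cisco generally sends IOS patches on a semiannual basis, in March and September. The bulk of the March advisories addressed denial of service vulnerabilities in the networking operating system.

Cisco said the most severe issue involves multiple vulnerabilities in Cisco IOS and IOS XE Autonomic Networking Infrastructure, a feature that is vulnerable to remote attack leading to router or switch crashes or a hacker remotely gaining control of the affected device.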


{"enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "edition": 1, "href": "https://threatpost.com/cisco-patches-ipv6-vulnerability-in-carrier-grade-router-system/113295/", "cvss": {"score": 0.0, "vector": "NONE"}, "threatPostCategory": "Vulnerabilities", "history": [], "bulletinFamily": "info", "viewCount": 6, "cvelist": [], "modified": "2015-06-12T14:00:10", "hash": "ebd4baef7f5ff849a27173abeaa415709292a2cd95cbbc3d0d259e02aad8e10b", "published": "2015-06-12T10:00:00", "references": ["https://threatpost.com/fbi-warned-state-election-board-systems-of-hacks/120198/", "https://threatpost.com/chrome-53-fixes-address-spoofing-vulnerability-32-other-bugs/120305/", "https://threatpost.com/denial-of-service-and-memory-vulnerabilities-patched-in-cisco-ios/111819", "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr", "https://threatpost.com/threatpost-news-wrap-august-26-2016/120152/"], "description": "Cisco said on Thursday it has patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.\n\nThe vulnerability, Cisco said, rests in the IPv6 processing code used by IOS XR in the Cisco CRS-3 Carrier Routing System. The bug is remotely exploitable and is due to incorrect processing of legitimate IPv6 packets carrying valid IPv6 extension headers. 
Cisco said while the headers are valid, they\u2019re unlikely to be seen in \u201cnormal operation.\u201d\n\n### Related Posts\n\n#### [Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs](<https://threatpost.com/chrome-53-fixes-address-spoofing-vulnerability-32-other-bugs/120305/> \"Permalink to Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs\" )\n\nSeptember 1, 2016 , 11:52 am\n\n#### [FBI Warned State Election Board Systems of Hacks](<https://threatpost.com/fbi-warned-state-election-board-systems-of-hacks/120198/> \"Permalink to FBI Warned State Election Board Systems of Hacks\" )\n\nAugust 29, 2016 , 5:40 pm\n\n#### [Threatpost News Wrap, August 26, 2016](<https://threatpost.com/threatpost-news-wrap-august-26-2016/120152/> \"Permalink to Threatpost News Wrap, August 26, 2016\" )\n\nAugust 26, 2016 , 9:00 am\n\n\u201cAn attacker could exploit this vulnerability by sending such an IPv6 packet to an affected device that is configured to process IPv6 traffic,\u201d Cisco said in its [advisory](<http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150611-iosxr>). \u201cAn exploit could allow the attacker to cause a reload of the line card, resulting in a DoS condition.\u201d\n\nCisco said that a software update is available, and added there are no workarounds. 
The advisory adds that the vulnerability was found internally and Cisco is not aware of public exploits.\n\nThe vulnerability affects: Cisco IOS XR Releases 4.0.1, 4.0.2, 4.0.3 and 4.0.4; Cisco IOS XR Releases 4.1.0, 4.1.1 and 4.1.2; Cisco IOS XR Release 4.2.0, and is patched in the following software maintenance updates: hfr-px-4.1.0.CSCtx03546.pie for release 4.1.0; hfr-px-4.1.1.CSCtx03546.pie for release 4.1.1; hfr-px-4.1.2.CSCtx03546.pie for release 4.1.2; hfr-px-4.2.0.CSCtx03546.pie for release 4.2.0.\n\nCisco said the carriers and other customers already running Cisco IOS XR releases 4.2.1 and later are unaffected since the software already contains the fix.\n\nCisco urges affected customers to patch immediately since the vulnerability can be repeatedly attacked and cause extended downtime on the device. The bug, Cisco said, can be triggered by IPv6 transit traffic, or traffic sent to the device.\n\nCisco generally sends IOS patches on a semiannual basis, in March and September. The bulk of the [March advisories addressed denial of service vulnerabilities](<https://threatpost.com/denial-of-service-and-memory-vulnerabilities-patched-in-cisco-ios/111819>) in the networking operating system.\n\nCisco said the most severe issue according to Cisco involves multiple vulnerabilities in Cisco IOS and IOS XE Autonomic Networking Infrastructure, a feature that is vulnerable to remote attack leading to router or switch crashes or a hacker remotely gaining control of the affected device.", "type": "threatpost", "id": "CISCO-PATCHES-IPV6-VULNERABILITY-IN-CARRIER-GRADE-ROUTER-SYSTEM/113295", "lastseen": "2016-09-04T20:51:33", "reporter": "Michael Mimoso", "objectVersion": "1.2", "title": "Cisco Patches IPv6 Vulnerability in Carrier Routers"}